CN107798234B - Method for authenticating an instrument and system comprising the instrument - Google Patents

Method for authenticating an instrument and system comprising the instrument Download PDF

Info

Publication number
CN107798234B
CN107798234B CN201710758014.3A CN201710758014A CN107798234B CN 107798234 B CN107798234 B CN 107798234B CN 201710758014 A CN201710758014 A CN 201710758014A CN 107798234 B CN107798234 B CN 107798234B
Authority
CN
China
Prior art keywords
instrument
electronic device
certificate
computer
pin code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710758014.3A
Other languages
Chinese (zh)
Other versions
CN107798234A (en
Inventor
A·克奈菲尔
T·魏因加特纳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
F Hoffmann La Roche AG
Original Assignee
F Hoffmann La Roche AG
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by F Hoffmann La Roche AG filed Critical F Hoffmann La Roche AG
Publication of CN107798234A publication Critical patent/CN107798234A/en
Application granted granted Critical
Publication of CN107798234B publication Critical patent/CN107798234B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

A method for authenticating an instrument (102) for processing a biological sample or reagent is disclosed. The method includes generating a PIN code by the instrument (102), inputting the PIN code and identification data associated with the instrument (102) into a database (112) of the electronic device (104), verifying the PIN code and identification data on the electronic device (104), transmitting an authentication certificate to the instrument (102) if the PIN code and identification data correspond to target data stored in the database (112), installing the authentication certificate on the instrument (102), whereby the instrument (102) will be registered with the electronic device (104), and using the authentication certificate for encrypted communication between the instrument (102) and the electronic device (104). In addition, a system comprising an instrument (102) for processing a biological sample or reagent and an electronic device (104) is disclosed. The system (100) is configured to perform each step of the method.

Description

Method for authenticating an instrument and system comprising the instrument
Technical Field
Disclosed are a method of authenticating an instrument for processing a biological sample or reagent and a system including the instrument for processing the biological sample or reagent.
Background
In vitro diagnostic tests have a significant impact on clinical decision making and provide critical information to physicians. In particular, it is of great importance to provide rapid and accurate test results in a critical care environment. In vitro diagnostic tests are typically performed using instruments, such as pre-analytical instruments, post-analytical instruments, and analytical instruments, that are operable to perform one or more process steps/workflow steps on one or more biological samples and/or one or more reagents.
The analyzer/analyzer is configured to obtain a measurement. The analyzer is operable to determine parameter values of the sample or sample components via various chemical, biological, physical, optical or other technical steps. The analyzer may be operable to measure a parameter of the sample or at least one analyte and return a measurement obtained. The list of possible analysis results returned by the analyzer includes, but is not limited to: the concentration of the analyte in the sample, the numerical (yes or no) result indicating the presence of the analyte in the sample (corresponding to a concentration above the detection level), optical parameters, DNA or RNA sequences, data obtained from mass spectrometry of proteins or metabolites, and various types of physical or chemical parameters. The analysis instrument may comprise units facilitating pipetting, dosing and mixing of samples and/or reagents. The analyzer may comprise a reagent holding unit for holding reagents to perform the assay. The reagents may be arranged, for example, in the form of containers or cassettes containing individual reagents or a set of reagents, placed in appropriate receptacles or locations within a storage compartment or conveyor. It may comprise a consumable delivery unit. The analyzer may include a process and detection system that work flow is optimized for certain types of analysis. Examples of such analyzers are clinical chemistry analyzers, coagulation chemistry analyzers, immunochemistry analyzers, urine analyzers, nucleic acid analyzers for detecting the results of, or monitoring the progress of, a chemical or biological reaction.
These instruments need to register to establish a trust relationship with the electronic device for the purpose of secure communication therewith. For example, these instruments require registration to establish a trust relationship with the instrument manufacturer's remote electronics for proper operation. These remote electronic devices are spatially separated devices from the instrument. The instrument and the remote electronic device may communicate with each other, such as by means of a wireless local area network connection. Trust relationships may also be established with other local electronic devices, such as a data management system of a laboratory automation system on the same local network connection. To this end, current instruments allow a user to enter a PIN code on the device. However, a large number of instruments do not have the possibility of, for example, a keyboard for entering numbers and/or characters.
Disclosure of Invention
Embodiments of the disclosed method and system aim to provide the possibility to establish a trust relationship with an electronic device, in particular with a remote electronic device of the manufacturer of the instrument, and independently of whether the instrument provides means for entering numbers and/or characters.
The invention discloses a method for authenticating an instrument for processing biological samples or reagents, and a system comprising an instrument for processing biological samples or reagents, which allows the instruments to register, to function properly, and in particular allows the instruments to communicate with each other in an encrypted manner.
Embodiments of the disclosed method for authenticating an instrument for processing a biological sample or reagent and of a system comprising an instrument for processing a biological sample or reagent have the features of the independent claims. Further embodiments of the invention are disclosed in the dependent claims, which embodiments can be realized in an independent manner or in any arbitrary combination.
The terms "having," "including," or "containing," or any grammatical variations thereof, are used hereinafter in a non-exclusive manner. Thus, these terms may refer to the absence of other features in the entity described in the context of the present invention, in addition to the features introduced by these terms, as well as the presence of more than one other feature. As an example, the expressions "a has B", "a includes B" and "a includes B" may refer to the case where no other element is present in a than B (i.e., a consists only of B), and may also refer to the case where more than one other element is present in entity a than B (e.g., elements C, and D, or even other elements).
Furthermore, it should be noted that there may be one or more than one of the terms "at least one," "more than one," or similar terms referring to features or elements, which are generally used only once when introducing corresponding features or elements. Hereinafter, in most cases, the expression "at least one" or "more than one" will not be repeated when referring to the corresponding features or elements, despite the fact that there may be one or more than one of the corresponding features or elements.
Furthermore, the terms "in particular", "more particularly", "specifically", "more specifically" or similar terms as used hereinafter may be used in combination with additional/alternative features without limiting the possibilities of alternatives. Thus, the features introduced by these terms are additional/alternative features and are not intended to limit the scope of the claims in any way. As those skilled in the art will appreciate, the invention may be implemented using alternative features. Similarly, features introduced by "embodiments of the invention" or similar expressions are intended as additional/alternative features, without any limitation of alternative embodiments of the invention, without any limitation of the scope of the invention, without any limitation of the possibilities of combinations of features introduced in this way with other additional/alternative or non-additional/alternative features of the invention.
According to the present invention there is disclosed a computer-implemented method for authenticating an instrument for processing a biological sample or reagent, the method comprising:
-generating a PIN code by the instrument;
-registering the PIN code and identification data associated with the instrument in a database of an electronic device, such as a remote electronic device;
-verifying the PIN code and the identification data on the electronic device;
-transmitting an authentication certificate to the instrument if the PIN code and identification data correspond to target data stored in the database;
-installing the authentication certificate on the instrument, whereby the instrument is registered with the electronic device; and
-using the authentication certificate for encrypted communication between the instrument and the electronic device.
Thus, the method disclosed in the present invention allows to establish an encrypted communication between an instrument and an electronic device, such as a remote electronic device, even if the instrument does not allow the possibility of entering any information.
The term "instrument" as used herein refers to any device or device component operable to perform one or more process steps/workflows on one or more biological samples and/or one or more reagents. Thus, the expression "process step" refers to a process step that is performed physically, such as centrifugation, aliquot, sample analysis, and the like. The term "instrument" encompasses pre-analytical instruments, post-analytical instruments, and analytical instruments. Thus, the use of the term "instrument" is synonymous with the term "laboratory instrument".
The term "analyzer"/"analytical instrument" as used herein includes any device or device component configured to obtain a measurement. The analyzer is operable to determine parameter values of the sample or sample components via various chemical, biological, physical, optical or other technical steps. The analyzer may be operable to measure said parameter of the sample or said parameter of the at least one measured object and return the obtained measurement. The list of possible analysis results returned by the analyzer includes, but is not limited to: the concentration of the analyte in the sample, the numerical (yes or no) result indicating the presence of the analyte in the sample (corresponding to a concentration above the detection level), optical parameters, DNA or RNA sequences, data obtained from mass spectrometry of proteins or metabolites, and various types of physical or chemical parameters. The analysis instrument may comprise units facilitating pipetting, dosing and mixing of samples and/or reagents. The analyzer may comprise a reagent holding unit for holding reagents to perform the assay. Of course, the analyzer may include a handheld device for holding the reagent. The reagents may be arranged, for example, in the form of containers or cassettes containing individual reagents or a set of reagents, placed in appropriate receptacles or locations within a storage compartment or conveyor. It may comprise a consumable delivery unit. The analyzer may include a process and detection system that work flow is optimized for certain types of analysis. Examples of such analyzers are clinical chemistry analyzers, coagulation chemistry analyzers, immunochemistry analyzers, urine analyzers, nucleic acid analyzers for detecting the results of, or monitoring the progress of, a chemical or biological reaction.
The term "authentication certificate" as used herein refers to a collection of digital data that confirms a predetermined characteristic of an object. Its authenticity and integrity can be verified by cryptographic methods. The authentication certificate includes data necessary for verification thereof. The certificate of authenticity is generated by an official certification authority. For example, the authentication certificate may be a so-called public key certificate. Such certificates include information about the key, information about the identity of its owner, and a digital signature of the entity that has verified that the certificate's content is correct.
The method may also include generating a certificate signing request, sending the certificate signing request to a certification authority connected to the electronic device, signing the certificate signing request by the certification authority, generating the certification certificate, and sending the certification certificate to the instrument. Thereby, verification and transfer of authentication certificates is facilitated. It is noted that the certificate signing request includes a public key generated on an instrument requiring registration, such as an analyzer. A key pair including a private key and a public key is generated prior to sending the certificate signing request, and the public key is included in the certificate signing request, wherein the private key is retained on the instrument.
The method may also include encrypting the certificate signing request, sending the encrypted certificate signing request to the electronic device, decrypting the certificate signing request and then signing the certificate signing request, encrypting the authentication certificate, sending the encrypted authentication certificate to the instrument, and decrypting the authentication certificate by the instrument. Thereby, the security of data exchange is enhanced. It is noted that the PIN may be used for encryption and/or decryption. Instead, the normal process is such that the certificate on the instrument installed on the instrument during production will be used in the encryption process and the PIN will be encrypted.
The method may also include decrypting, by the electronic device, the certificate signing request, and sending the certificate signing request decrypted by the electronic device to a certificate authority. Thereby, secure transmission of the request to the electronic device is ensured.
The method may further comprise encrypting the authentication certificate with itself and a previous authentication certificate of the instrument. Thereby, a reliable encryption of the request is provided.
Installing the authentication credential on the instrument may include replacing a previous authentication credential of the instrument. Thereby, the authentication certificate is updated, which ensures an update of the encrypted communication between the instrument and the electronic device.
The method may further include encrypting the certificate signing request with at least the previous authentication certificate. Thereby, a secure transfer of the request is provided, which reduces the risk of any spurious requests.
The PIN code and identification data may be entered by means of an input device separate from the instrument and the electronic device. Thus, the instrument does not need to provide the possibility to enter data required for registration, but the registration process can be performed with any external input means.
The input device may be connected to the electronic device by means of an online connection. Thereby, a fast communication between the input device and the electronic device is provided.
For example, the input device may be an inlet of the electronic device. Thereby, a convenient input possibility for inputting data required for registration is provided.
The method may further comprise connecting the apparatus to the electronic device by means of an online connection, and transmitting the authentication certificate to the apparatus via the online connection. Thereby, a facilitated possibility for data exchange between these devices is provided.
The method may further include displaying the generated PIN on a display of the instrument. Thus, the user of the instrument obtains the information required to securely log into the instrument and register the instrument.
The identification data includes a model number and/or a serial number of the instrument. The authenticity of the instrument can thus be verified unambiguously.
According to the presently disclosed system, the system comprises an electronic device and an instrument for processing a biological sample or reagent, wherein the system is configured to perform each of the steps of the above-described method.
The instrument may be configured to generate a PIN code, wherein the electronic device comprises a database, wherein the PIN code and identification data associated with the instrument can be entered into the database, wherein the electronic device is configured to verify the PIN code and identification data, and transmit an authentication certificate to the instrument if the PIN code and identification data correspond to target data stored in the database, wherein the authentication certificate is configured to be installed on the instrument, and wherein the authentication certificate is configured for encrypted communication between the instrument and the electronic device.
The system disclosed by the invention thus allows to establish an encrypted communication between the instrument and the electronic device, even if the instrument does not allow the possibility of inputting any information.
The system may further comprise an input device independent of the instrument, and wherein the PIN code and identification data can be entered by means of the input device. Thus, the system allows the PIN code and the identification data to be entered irrespective of whether the instrument has the possibility to do so.
The apparatus may be connected to an electronic device by means of an online connection, wherein the authentication certificate is transmittable to the apparatus via the online connection. Thereby, a convenient connection between the instrument and the electronic device is provided.
The instrument may include a display, wherein the display is configured to display the generated PIN. Thereby, the user of the instrument obtains the information necessary for securely logging in the instrument and registering said instrument.
The identification data includes a model number and/or a serial number of the instrument. The authenticity of the instrument can thus be verified unambiguously.
The invention further discloses and proposes a computer program comprising computer-executable instructions for performing the method according to the disclosed method/system in one or more embodiments comprised by the invention, when said program is executed on a computer or a computer network. In particular, the computer program may be stored on a computer readable data carrier. Thus, in particular, one, more than one or even all of the above-described method steps may be performed by using a computer or a computer network, in particular using a computer program.
The present invention further discloses and proposes a computer program product with program code means for performing the method according to the disclosed method/system of the present invention in one or more embodiments comprised by the present invention, when the program is executed on a computer or a computer network. In particular, the program code means may be stored on a computer readable data carrier.
Further, the present invention discloses and proposes a data carrier having a data structure stored thereon, which after loading into a computer or computer network, such as a working memory or a main memory of a computer or computer network, can perform a method according to one or more embodiments of the present disclosure.
The invention further discloses and proposes a computer program product with program code means stored on a machine-readable carrier, for performing a method according to one or more of the embodiments of the present disclosure when the program is executed on a computer or a computer network. A computer program product, as used herein, refers to a program that is a tradable product. The product may generally be present in any format, for example in a paper format, or on a computer-readable data carrier. In particular, the computer program product may be distributed over a data network.
Finally, the present invention proposes and discloses a modulated data signal comprising instructions readable by a computer system or a computer network for performing a method according to one or more embodiments of the present disclosure.
In terms of computer-implemented aspects of the invention, one or more method steps, or even all method steps, of a method according to one or more embodiments of the present disclosure may be performed using a computer or a network of computers. Thus, in general, any method steps including providing and/or manipulating data may be performed using a computer or a network of computers. In general, these method steps may include any method steps, usually in addition to those that require manual work, such as providing a sample and/or performing some aspect of an actual measurement.
Specifically, the disclosed method/system further discloses:
a computer or computer network comprising at least one processor, wherein said processor is adapted to perform a method according to one of the embodiments described in the present specification,
a computer-loadable data structure adapted to perform a method according to one of the embodiments described in this specification when said data structure is executed on a computer,
-a computer program adapted to perform a method according to one of the embodiments described in this specification when said program is executed on a computer,
a computer program comprising program means for performing a method according to one of the embodiments described in this specification when said computer program is executed on a computer or a computer network,
a computer program according to the previous embodiment comprising program means, wherein said program means are stored on a computer readable storage medium,
a storage medium, wherein a data structure is stored on said storage medium, and wherein said data structure is adapted to perform the method of one of the embodiments described in the present description after having been loaded onto a main memory and/or a working memory of a computer or of a computer network,
a computer program product having program code means storable on or stored on a storage medium for performing a method of one of the embodiments described in the present specification when the program code means is executed on a computer or a computer network.
Summarizing the discovery of the disclosed method/system, the following embodiments are disclosed:
example 1: a computer-implemented method for authenticating an instrument for processing a biological sample or reagent, the method comprising:
-generating a PIN code by the instrument;
-registering the PIN code and identification data associated with the instrument in a database of an electronic device;
-verifying the PIN code and identification data at the electronic device;
-transmitting an authentication certificate to the instrument if the PIN code and identification data correspond to target data stored in the database;
-installing the authentication certificate on the instrument, whereby the instrument is registered with the electronic device; and
-using the authentication certificate for encrypted communication between the instrument and the electronic device.
Example 2: the method of embodiment 1, further comprising: generating a certificate signing request, sending the certificate signing request to a certificate authority connected to an electronic device, signing the certificate signing request by the certificate authority, generating the certification certificate, and sending the certification certificate to the instrument.
Example 3: the method of embodiment 2, further comprising: encrypting the certificate signing request, sending the encrypted certificate signing request to the electronic device, decrypting the certificate signing request and then signing the certificate signing request, encrypting the authentication certificate, sending the encrypted authentication certificate to the instrument, and decrypting the authentication certificate by the instrument.
Example 4: the method of embodiment 3, further comprising: decrypting, by the electronic device, the certificate signing request, and sending the certificate signing request decrypted by the electronic device to the certification authority.
Example 5: the method of embodiment 3 or 4, further comprising: encrypting the authentication certificate with itself and a previous authentication certificate of the instrument.
Example 6: the method of embodiment 5, wherein installing the authentication credential on the instrument comprises replacing the previous authentication credential of the instrument.
Example 7: the method of any of embodiments 3-6, further comprising: encrypting the certificate signing request with at least the previous authentication certificate.
Example 8: the method according to any of embodiments 1-7, wherein the PIN code and identification data are entered by means of an input device separate from the instrument and the electronic device.
Example 9: the method of embodiment 8, wherein the input device is connected to the electronic device by way of a wired connection.
Example 10: the method of embodiment 8 or 9, wherein the input device is an inlet of the electronic device.
Example 11: the method of any of embodiments 1-10, further comprising: connecting the instrument to the electronic device by means of an online connection and transmitting the authentication certificate to the instrument via the online connection.
Example 12: the method of any of embodiments 1-11, further comprising: the generated PIN is displayed on a display of the instrument.
Example 13: the method according to any of embodiments 1-12, wherein the identification data comprises a model number and/or a serial number of the instrument.
Example 14: a system comprising electronics and an instrument for processing a sample or reagent, wherein the system is configured to perform each step of the method according to any one of embodiments 1 to 13.
Example 15: the system of embodiment 14, wherein the instrument is configured to generate a PIN code, wherein the electronic device comprises a database, wherein the PIN code and identification data associated with the instrument can be entered into the database, wherein the electronic device is configured to verify the PIN code and identification data, and if the PIN code and identification data correspond to target data stored in the database, to transmit an authentication certificate to the instrument, wherein the authentication certificate is configured to be installed on the instrument, and wherein the authentication certificate is configured for encrypted communication between the instrument and the electronic device.
Example 16: the system of embodiment 15, further comprising: an input device independent of the instrument and the electronic device, wherein the PIN code and identification data can be entered by means of the input device.
Example 17: the system of embodiment 15 or 16, wherein the instrument is connected to the electronic device by means of an online connection, wherein the authentication credential is transmittable to the instrument via the online connection.
Example 18: the system of any of embodiments 15-17, wherein the instrument comprises a display, wherein the display is configured to display the generated PIN.
Example 19: a system as claimed in any one of embodiments 15 to 18 wherein the identification data includes a model number and/or serial number of the instrument.
Drawings
Further features and embodiments of the invention will be disclosed in more detail in the ensuing description, particularly in conjunction with the dependent claims. Wherein the respective features may be implemented in an independent manner as well as in any arbitrary combination, as will be appreciated by a person skilled in the art. Embodiments are schematically depicted in the drawings. Wherein like reference numbers refer to identical or functionally identical elements throughout the separate views.
In the drawings:
fig. 1 shows a schematic diagram of a system.
Detailed Description
Fig. 1 shows a schematic diagram of a system 100. The system 100 includes an instrument 102 for processing a biological sample or reagent and an electronic device 104, such as a remote electronic device 104. The instrument 102 includes a computing device 106. The computing device 106 is configured to control a unit (not shown in detail) that facilitates a workflow performed by the instrument 102. The instrument 102 includes a display 108. The instrument 102 does not have a keyboard or any other interface that allows numbers and/or characters to be entered into the computing device 106. Thus, the instrument 102 is configured to display information by means of the display 108 without allowing its user to enter any instructions, control commands, numbers, characters, etc. The electronic device 104 may be a service center or a certificate management service center of the manufacturer of the instrument 102. The instrument 102 is connected to the electronic device 104 by means of an online connection 110. The electronic device 104 includes a database 112. The system 100 also includes an input device 114 that is separate from the instrument 102 and the electronic device 104. The input device 114 is configured to allow input to the database 112. The input device 114 is an entry into the electronic device 104, such as a web site. The input device 114 comprises a keyboard, a touch screen, or any other interface for allowing data to be input into the database 112. The input device 114 may be a computing device such as a PC, laptop, notebook, or the like.
In order for the instrument 102 to function properly, the instrument 102 needs to be authenticated. To this end, the system 100 allows at least the following configuration. The instrument 102 is configured to generate a PIN code. More specifically, the display 108 is configured to display the generated PIN. The PIN code and identification data associated with the instrument 102 can be entered into the database 112 by means of the input device 114. The identification data includes the model number of the instrument 102. Alternatively or additionally, the identification data includes a serial number of the instrument 102. The electronic device 104 is configured to verify the PIN code and the identification data and to transmit the authentication credentials to the instrument 102 via the online connection 110 if the PIN code and the identification data correspond to target data stored in the database 112. The authentication certificate is configured to be installed on the instrument 102. The authentication certificate is configured for encrypted communication between the instrument 102 and the electronic device 104.
Hereinafter, the method for authenticating the instrument 102 will be described in more detail. The user of the instrument 102 turns on the instrument 102. The instrument 102 generates a PIN code and displays the PIN code on the display 108. The user starts logging in to the database 112 by means of the login information. The login information is pre-delivered to the user of the instrument 102. The login information may be delivered by means of an electronic message such as email, SMS, etc. After logging in, the user enters the PIN code and identification data associated with the instrument 102 into the database 112 by means of the input device 114. The PIN code and identification data associated with the instrument 102 are then verified on the electronic device 104. If the PIN code and identification data associated with the instrument 102 correspond to the target data stored in the database 112, the authentication credentials are transmitted to the instrument 102 via the online connection 110.
Verification of the PIN code and identification data associated with the instrument 102 and transmission of the authentication credentials may be performed as follows. A certificate signing request is generated by the instrument 102. The certificate signing request is encrypted with at least the previous certificate of authenticity of the instrument 102, which may be pre-installed, such as at the time of sale of the instrument 102. In this example, the certificate signing request also includes an encrypted PIN. As an alternative, the PIN may be used directly for encryption. The encrypted certificate signing request is sent to the electronic device 104. The electronic device 104 decrypts the certificate signing request and sends the certificate signing request decrypted by the electronic device 104 to a certificate authority 116 connected to the electronic device 104. The certification authority 116 may be operated by the manufacturer of the instrument 102 or by another vendor. Certificate authority 116 signs the certificate signing request. Thus, the certificate signing request is decrypted and then signed by the certification authority 116. Thus, the certification authority 116 generates a certificate of authenticity and transmits the certificate of authenticity to the electronic device 104. The electronic device 104 encrypts the authentication certificate. In particular, the authentication credential is encrypted with the authentication credential itself and/or a previous authentication credential of the instrument 102. Both are efficient encryption processes, the first with the public key included in the certificate signing request and the second with the previous certificate, where both encryptions can be applied together. The encrypted authentication certificate is then sent to the instrument 102. The authentication certificate is decrypted by the instrument 102. In particular, since the instrument still includes the previous certificate of authenticity, it can decrypt the certificate of authenticity. If the newly generated public key is to be used for encryption by the electronic device 104, the instrument 102 will use the private key for decryption. Next, the authentication certificate is installed on the instrument 102, whereby the instrument 102 is registered with the electronic device 104. Installing the authentication certificate includes replacing a previous authentication certificate in the instrument 102. After installation, the authentication certificate is used for encrypted communication between the instrument 102 and the electronic device 104. Thus, the instrument 102 may be operated properly and receive sufficient support from the electronic device 104.
It is noted that if the user of the instrument 102 does not access the input device 114, the user may contact a service center of the electronic device 104, where support personnel may enter the PIN code and identification data on behalf of the user. The remaining methods may be performed as described above.
Other aspects of the invention are:
1. the system 100, wherein the instrument 102 is configured to generate a PIN code, wherein the electronic device 104 comprises a database 112, wherein the PIN code and identification data associated with the instrument 102 can be entered into the database 112, wherein the electronic device 104 is configured to verify the PIN code and identification data, and to transmit an authentication credential to the instrument 102 if the PIN code and identification data correspond to target data stored in the database 112, wherein the authentication credential is configured to be installed on the instrument 102, and wherein the authentication credential is configured for encrypted communication between the instrument 102 and the electronic device 104.
2. The system 100 according to aspect 1, further comprising an input device 114 independent of the instrument 102 and the electronic device 104, wherein the PIN code and the identification data can be entered by means of the input device 114.
3. The system 100 according to aspect 1 or 2, wherein the instrument 102 is connected to the electronic device 104 by means of an online connection 110, wherein the authentication certificate can be transmitted to the instrument 102 via the online connection 110.
4. The system 100 according to any of aspects 1 to 3, wherein the instrument 102 comprises a display 108, wherein the display 108 is configured to display the generated PIN.
5. The system 100 according to any of aspects 1 to 4, wherein the identification data comprises a model number and/or a serial number of the instrument 102.
List of reference numerals
100 system
102 instrument
104 electronic device
106 computing device
108 display
110 in-line connection
112 database
114 input device
116 authentication mechanism

Claims (15)

1. A computer-implemented method for authenticating an instrument (102), the instrument (102) for processing a biological sample or reagent, the method comprising:
-generating a PIN code by the instrument (102);
-registering the PIN code and identification data associated with the instrument (102) in a database (112) of an electronic device (104), wherein the PIN code and identification data are entered by means of an input device (114) independent of the instrument (102);
-verifying the PIN code and identification data at the electronic device (104);
-transmitting an authentication certificate to the instrument (102) if the PIN code and identification data correspond to target data stored in the database (112);
-installing the authentication certificate on the instrument (102), whereby the instrument (102) is registered with the electronic device (104); and
-using the authentication certificate for encrypted communication between the instrument (102) and the electronic device (104).
2. The computer-implemented method of claim 1, further comprising: generating a certificate signing request, sending the certificate signing request to a certification authority (116) connected to the electronic device (104), signing the certificate signing request by the certification authority (116), generating the certification certificate, and sending the certification certificate to the instrument (102).
3. The computer-implemented method of claim 2, further comprising: -encrypting the certificate signing request, -sending the encrypted certificate signing request to the electronic device (104), -decrypting the certificate signing request, then signing the certificate signing request, -encrypting the authentication certificate, -sending the encrypted authentication certificate to the instrument (102), -decrypting the authentication certificate by the instrument (102).
4. The computer-implemented method of claim 3, further comprising: decrypting, by the electronic device (104), the certificate signing request and sending the certificate signing request decrypted by the electronic device (104) to the certification authority (116).
5. The computer-implemented method of claim 3 or 4, further comprising: encrypting the authentication certificate with itself and a previous authentication certificate of the instrument (102).
6. The computer-implemented method of claim 5, wherein installing the authentication credential on the instrument (102) comprises replacing the previous authentication credential of the instrument (102).
7. The computer-implemented method of claim 5, further comprising: encrypting the certificate signing request with at least the previous authentication certificate.
8. The computer-implemented method of claim 1, wherein the input device (114) is independent of the electronic device (104).
9. The computer-implemented method of claim 8, wherein the input device (114) is connected to the electronic device (104) by means of an online connection (110).
10. The computer-implemented method of claim 8 or 9, wherein the input device (114) is an inlet of the electronic device (104).
11. The computer-implemented method of claim 1, further comprising: connecting the instrument (102) to the electronic device (104) by means of an online connection (110), and transmitting the authentication certificate to the instrument (102) via the online connection (110).
12. The computer-implemented method of claim 1, further comprising: the generated PIN is displayed on a display (108) of the instrument (102).
13. The computer-implemented method of claim 1, wherein the identification data includes a model number and/or a serial number of the instrument (102).
14. A system (100) comprising an electronic device (104) and an instrument (102) for processing biological samples or reagents, wherein the system (100) is configured to perform each step of the method according to any one of claims 1 to 13.
15. The system (100) according to claim 14, wherein the instrument (102) is configured to generate a PIN code, wherein the electronic device (104) comprises a database (112), wherein the PIN code and identification data associated with the instrument (102) can be entered into the database (112), wherein the electronic device (104) is configured to verify the PIN code and identification data, transmit an authentication certificate to the instrument (102) if the PIN code and identification data correspond to target data stored in the database (112), wherein the authentication certificate is configured to be installed on the instrument (102), and wherein the authentication certificate is configured to be used for encrypted communication between the instrument (102) and the electronic device (104).
CN201710758014.3A 2016-09-01 2017-08-29 Method for authenticating an instrument and system comprising the instrument Active CN107798234B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP16186835.1 2016-09-01
EP16186835.1A EP3291502B1 (en) 2016-09-01 2016-09-01 Method for authenticating an instrument for processing a biological sample or reagent, and system comprising an instrument for processing a biological sample or reagent

Publications (2)

Publication Number Publication Date
CN107798234A CN107798234A (en) 2018-03-13
CN107798234B true CN107798234B (en) 2021-07-02

Family

ID=56852193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710758014.3A Active CN107798234B (en) 2016-09-01 2017-08-29 Method for authenticating an instrument and system comprising the instrument

Country Status (4)

Country Link
US (1) US10439824B2 (en)
EP (1) EP3291502B1 (en)
JP (2) JP2018038039A (en)
CN (1) CN107798234B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11496322B2 (en) * 2018-05-21 2022-11-08 Entrust, Inc. Identity management for software components using one-time use credential and dynamically created identity credential
US11265714B2 (en) * 2018-12-28 2022-03-01 Cable Television Laboratories, Inc. Systems and methods for subscriber certificate provisioning
CN110010235A (en) * 2019-04-19 2019-07-12 广州医软智能科技有限公司 A kind of blood gas analysis packet supply chain management method and system based on Internet of Things

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101518074A (en) * 2006-04-13 2009-08-26 阿詹姆斯有限责任公司 System for triggering terminals
CN102144197A (en) * 2008-06-23 2011-08-03 菲利普·J·斯查弗 Integrating media display into computer peripherals and computing systems: the media mouse, media keboard, media monitor, media mate, media screen and mediabook
CN103107883A (en) * 2013-01-04 2013-05-15 深圳市文鼎创数据科技有限公司 Safe protection method of personal identification number (PIN) and client
US9231925B1 (en) * 2014-09-16 2016-01-05 Keypasco Ab Network authentication method for secure electronic transactions

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
HU223924B1 (en) * 1999-05-21 2005-03-29 International Business Machines Corp. Method and system for initializing secure communications between a first and a second devices
US6640246B1 (en) 1999-09-17 2003-10-28 Ge Medical Systems Global Technology Company, Llc Integrated computerized materials management system
US6978364B1 (en) * 2000-04-12 2005-12-20 Microsoft Corporation VPN enrollment protocol gateway
US20040167465A1 (en) * 2002-04-30 2004-08-26 Mihai Dan M. System and method for medical device authentication
JP2008505402A (en) * 2004-06-29 2008-02-21 ウオーカー ディジタル、エルエルシー Apparatus and method for vending machine customer membership
EP2001188A1 (en) * 2007-06-08 2008-12-10 F.Hoffmann-La Roche Ag Method for authenticating a medical device and a remote device
ES2554993T3 (en) 2009-09-17 2015-12-28 F. Hoffmann-La Roche Ag Analysis system for the analysis of biological samples, methods and software product
CN102098160B (en) * 2010-11-11 2012-07-18 北京航空航天大学 Dynamic password and digital certificate based double-factor authentication security token device
CN102801574B (en) * 2011-05-27 2016-08-31 阿里巴巴集团控股有限公司 The detection method of a kind of web page interlinkage, device and system
US20130218779A1 (en) * 2012-02-21 2013-08-22 Rawllin International Inc. Dual factor digital certificate security algorithms
JP5978742B2 (en) * 2012-04-27 2016-08-24 セイコーエプソン株式会社 Communication apparatus, image forming apparatus, information processing method and program thereof
US9674173B2 (en) * 2014-04-10 2017-06-06 Blue Cedar Networks, Inc. Automatic certificate enrollment in a special-purpose appliance
US9401895B2 (en) * 2014-04-30 2016-07-26 Fujitsu Limited Device configuration for secure communication
CN105678179B (en) * 2014-11-20 2018-11-13 广东华大互联网股份有限公司 A kind of IC card internet terminal distributing method and management system
CN106713279B (en) * 2016-11-29 2019-12-13 北京航天爱威电子技术有限公司 video terminal identity authentication system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101518074A (en) * 2006-04-13 2009-08-26 阿詹姆斯有限责任公司 System for triggering terminals
CN102144197A (en) * 2008-06-23 2011-08-03 菲利普·J·斯查弗 Integrating media display into computer peripherals and computing systems: the media mouse, media keboard, media monitor, media mate, media screen and mediabook
CN103107883A (en) * 2013-01-04 2013-05-15 深圳市文鼎创数据科技有限公司 Safe protection method of personal identification number (PIN) and client
US9231925B1 (en) * 2014-09-16 2016-01-05 Keypasco Ab Network authentication method for secure electronic transactions

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Intensification of security in 2-factor biometric authentication system;Sonali Patil 等;《2015 International Conference on Pervasive Computing (ICPC)》;20150416;第1-4页 *
Radek Holý等.Identification persons-security components of ID card.《Anti-counterfeiting, Security, and Identification》.2012,第1-6页. *

Also Published As

Publication number Publication date
JP2018038039A (en) 2018-03-08
US20180062857A1 (en) 2018-03-01
EP3291502A1 (en) 2018-03-07
US10439824B2 (en) 2019-10-08
CN107798234A (en) 2018-03-13
JP7374266B2 (en) 2023-11-06
JP2022169506A (en) 2022-11-09
EP3291502B1 (en) 2021-07-28

Similar Documents

Publication Publication Date Title
JP7374266B2 (en) Method for authenticating equipment for processing biological samples or reagents, and system comprising equipment for processing biological samples or reagents
EP2674887B1 (en) Controlling an analysis system of biological samples
CN105765599B (en) Reader unit, diagnostic device, system and kit, access control method
EP3025257B1 (en) Systems and methods for a distributed clinical laboratory
USRE44345E1 (en) Host apparatus and method providing calibration and reagent information to a measurement apparatus which makes use of a consumable reagent in a measuring process
US20180254093A1 (en) Cryptographically secure medical test data distribution system using smart testing/diagnostic devices
RU2741658C2 (en) System and method of transporting objects
CN107851143A (en) Apparatus and method for using customer equipment certificate in equipment
EP2339337A2 (en) System for reading analyte test elements and for other uses
US20140219452A1 (en) Authentication of a chemical sensor in a portable electronic device
US20210328979A1 (en) Automatic Provisioning
EP3342122B1 (en) Multiple authorization modules for secure production and verification
CN110363572B (en) Program channel popularization method and device for closed ecological terminal and electronic equipment
JP2005196508A (en) Processing apparatus
CN106575467B (en) Medical equipment data transmission system and method
WO2022084194A1 (en) An apparatus and method for verifying electronic records
Jurcevic et al. Internet-enabled calibration services: Design of a secure calibration system
US8869266B2 (en) Management system of test device and management method thereof
KR20210112329A (en) Quantification of sequencing instruments and reagents for use in molecular diagnostic methods
US10680826B2 (en) Secure product identification and verification
CN101004773A (en) Image reading apparatus, authentication method, evaluation system, evaluation method, and computer program product
WO2022172237A1 (en) A device for managing the information of laboratory instruments and a method thereof
SE533449C2 (en) Selection of transaction functions based on user identity
JP2006079508A (en) Program, computer, and data processing method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant